Certificate Management

Easy-access certificate management

In Firefox, the Certificate Manager and other critical options are buried behind many windows and clicks; once Penango is installed, users can access both the Certificate Manager and the Penango Options window with just one click from the Tools menu. You or your IT administrator can use the certificate manager to view, backup, import, export, and delete certificates.

Penango includes broad support for certificates from public and private certification authorities. All certification authorities that are in the trust anchor stores (root stores) of the browser or platform are accepted. However, Penango specifically recognizes certain well-known certification authorities and displays additional information when certificates issued from those CAs are present. These CAs include VeriSign (Symantec), Comodo, Wells Fargo Bank, TC TrustCenter (PGP TrustCenter), DanID (the Danish citizen PKI), Verizon Business CyberTrust, StartCom, GlobalSign, and Deutsche Telekom (T-Systems).

Certificate lookup while you type

As soon as you enter in a recipient's e-mail address, Penango begins to look for that person's certificate in public, enterprise, and user-specified LDAP directories. Other e-mail clients wait to search for certificates until you hit "Send"; Penango starts the search right away and does so quickly, using our patent-pending Automatic LDAP-Based Certificate Directory Lookup.

Automatic LDAP-Based Certificate Directory Lookup

Penango features automatic certificate directory lookup via LDAP. When a user enters the e-mail address of a recipient and valid certificates are not present in the local store, Penango automatically contacts public LDAP servers that are associated with that e-mail address to obtain valid certificates. (This saves users the hassle of having to exchange initial signed e-mails to obtain certificates; users can send encrypted messages immediately, without the hassle of per-user configuration management.) Penango imports found certificates into the local store. Penango validates all certificates prior to use; finding a certificate on an LDAP server does not endow the certificate with any special properties.

For LDAP servers that are not recorded in Penango’s internal tables, Penango attempts to determine the LDAP servers associated with particular domains via other means, namely via DNS SRV record lookups in accordance with RFC 2782.

Organizations that use Penango, and organizations that have partners that use Penango, are encouraged to submit certificate directory lookup information so that Penango can automatically find certificates across Penango’s installed base.